10574682

Latency-Based Detection of Covert Routing

Published: February 25, 2020
Assignee: not available in the USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A computer-implemented method, comprising: obtaining a first information that indicates a difference in latency between a response to a first data and a response to a second data, wherein the first and second data are transmitted to a first network destination; determining, based at least in part on the first information, a second information that indicates whether at least a portion of the first data was transmitted to a second network destination; and routing, based at least in part on the second information, a data transmission away from a computer system used to transmit at least the portion of the first data to the second network destination.

Plain English Translation

This invention relates to network latency detection and data routing in computer networks. The problem addressed is ensuring reliable and efficient data transmission by identifying and mitigating latency discrepancies that may indicate misrouted or improperly handled data. The method involves obtaining latency data that compares the response times of two data transmissions sent to the same network destination. By analyzing this latency difference, the system determines whether part of the first data was inadvertently routed to an unintended second network destination. If such misrouting is detected, the system adjusts routing decisions to avoid using the problematic computer system for future transmissions. This helps prevent data loss or corruption by dynamically rerouting traffic away from unreliable paths. The solution leverages latency measurements as an indicator of routing errors, allowing the system to self-correct without requiring manual intervention. This is particularly useful in distributed networks where data integrity and timely delivery are critical. The approach ensures that data follows the intended path, improving network reliability and performance.

Claim 2

Original Legal Text

2. The computer-implemented method of claim 1, further comprising using a filtering device to determine the second information that indicates whether at least the portion of the first data was transmitted to the second network destination.

Plain English Translation

This claim adds a filtering device to the method of claim 1. The filtering device is the component that produces the second information, that is, the determination of whether at least a portion of the first data was transmitted to the second network destination rather than only to the first. In the context of claim 1, that determination rests on the latency difference between the responses to the first and second data, so the filtering device is where the observed latencies are evaluated and the routing decision is prepared. Claims 3 and 14 locate this device more precisely, as a router at the edge of a trust zone or as part of a firewall that establishes the trust zone.

Claim 3

Original Legal Text

3. The computer-implemented method of claim 2, wherein the filtering device is a router at an edge of a trust zone.

Plain English Translation

A computer-implemented method for network security involves filtering network traffic at the edge of a trust zone using a router. The router acts as a filtering device to monitor and control data packets entering or leaving the trust zone, which is a designated network area with specific security requirements. The method includes analyzing incoming and outgoing traffic to detect and block unauthorized or malicious data packets based on predefined security policies. The router enforces these policies to prevent unauthorized access, data breaches, or other security threats within the trust zone. This approach enhances network security by ensuring that only trusted and compliant traffic is allowed to pass through the edge of the trust zone, thereby protecting sensitive data and maintaining the integrity of the network. The method may also include logging and reporting traffic activities for further analysis and compliance purposes. By implementing this filtering mechanism at the network edge, the system provides a robust defense against external threats while allowing legitimate traffic to flow seamlessly within the trusted environment.

Claim 4

Original Legal Text

4. The computer-implemented method of claim 1, wherein determining the second information comprises determining a score generated based at least in part on a plurality of individual latency measurements for a plurality of responses to a plurality of data transmitted to the first network destination.

Plain English Translation

This invention relates to network performance monitoring, specifically a method for evaluating latency in data transmission to a network destination. The method addresses the challenge of assessing network reliability and responsiveness by analyzing latency measurements for multiple data transmissions. The system transmits a plurality of data packets to a first network destination and measures the latency of each response. These individual latency measurements are aggregated to generate a composite score, which quantifies the overall performance of the network path to the destination. The score may be used to identify bottlenecks, optimize routing, or trigger corrective actions. The method ensures accurate performance assessment by considering multiple data transmissions rather than a single measurement, reducing the impact of transient anomalies. This approach is particularly useful in environments where consistent low-latency communication is critical, such as real-time applications or distributed systems. The invention improves upon prior art by providing a more robust and reliable latency evaluation mechanism, enhancing network diagnostics and decision-making.

Claim 5

Original Legal Text

5. The computer-implemented method of claim 1, wherein determining the second information is performed further based at least in part on a plurality of other responses to other data transmitted to the first network destination; and the first data and second data were transmitted to the network destination along different network paths.

Plain English Translation

This invention relates to a computer-implemented method for analyzing network traffic to determine information about a network destination. The method addresses the challenge of accurately assessing the behavior and characteristics of a network destination by leveraging multiple data transmissions and responses. The method involves transmitting first data to a network destination and receiving a first response. Based on this response, first information about the network destination is determined. Additionally, second data is transmitted to the same network destination, and a second response is received. The second information is derived from this response, but the determination is further refined by considering a plurality of other responses to other data previously transmitted to the same network destination. This allows for a more comprehensive analysis by incorporating historical or contextual data. The first and second data are transmitted along different network paths, ensuring that the analysis accounts for variations in network conditions or routing. The method may also include transmitting the first and second data at different times or under different conditions to gather diverse response data. The analysis can involve comparing the responses to identify patterns, anomalies, or changes in the network destination's behavior. This approach enhances the accuracy and reliability of the derived information, which can be used for security monitoring, performance optimization, or network diagnostics.

Claim 6

Original Legal Text

6. The computer-implemented method of claim 1, further comprising, as a result of the second information indicating that at least the portion of the first data was transmitted to the second network destination, avoiding use of the computer system used to transmit at least the portion of the first data to the second network destination for transmission of a third data.

Plain English Translation

This invention relates to network data transmission and security, specifically addressing the problem of preventing unauthorized or malicious data transmission by monitoring and controlling network traffic. The method involves detecting when data has been transmitted to an unauthorized or suspicious network destination and then preventing further data transmission through the same system to mitigate security risks. The method operates by analyzing network traffic to identify when at least a portion of data (first data) has been transmitted to a second network destination, which may be unauthorized or suspicious. Upon detecting this transmission, the system avoids using the same computer system (or network path) for transmitting additional data (third data). This prevents further exposure or compromise through the same vulnerable or compromised system. The approach ensures that if a system is used to send data to an unauthorized destination, it is no longer trusted for subsequent transmissions, thereby enhancing network security and reducing the risk of data leaks or attacks. The method may also involve tracking multiple data transmissions and their destinations to determine patterns or anomalies, further refining the decision to block or restrict future transmissions. This proactive approach helps in dynamically adapting to emerging threats and maintaining secure data flows within a network.

Claim 7

Original Legal Text

7. A system, comprising: one or more processors; and memory that stores computer-executable instructions that, if executed, cause the one or more processors to: obtain a first information that indicates a difference in latency between a response to a first data and a response to a second data, wherein the first and second data are transmitted to a first network destination; determine, based at least in part on the first information, a second information that indicates whether at least a portion of the first data was transmitted to a second network destination; and route, based at least in part on the second information, a data transmission to avoid a computer system used to transmit at least the portion of the first data to the second network destination.

Plain English Translation

The system addresses latency and routing inefficiencies in network communications, particularly when data is inadvertently transmitted to unintended destinations, causing delays or performance degradation. The system monitors latency differences between responses to data sent to a primary network destination, identifying discrepancies that suggest misrouted traffic. By analyzing these latency patterns, the system determines whether portions of the data were incorrectly transmitted to a secondary, unintended destination. Once identified, the system dynamically adjusts routing to avoid the problematic system responsible for the misrouting, ensuring data is transmitted only to the intended destination. This improves network efficiency, reduces latency, and prevents unintended data exposure. The system operates by processing latency data, deriving routing decisions, and implementing corrective routing measures to maintain optimal network performance.

Claim 8

Original Legal Text

8. The system of claim 7, wherein: the instructions further include instructions that, if executed, cause the one or more processors to obtain one or more access control policies that restrict the second network destination from access to the first data; and the instructions to route the data transmission to avoid the computer system used to transmit at least the portion of the first data to the second network destination includes instructions that, if executed, cause the one or more processors to route the data transmission to avoid the computer system based further at least in part on the one or more policies that restrict the second network destination from access to the first data.

Plain English Translation

The invention relates to network security systems that control data transmission between network destinations based on access policies. The problem addressed is ensuring secure data routing by preventing unauthorized access to sensitive data when transmitting between network endpoints. The system includes one or more processors and memory storing instructions that, when executed, perform specific functions. The system monitors data transmissions between a first network destination and a second network destination, where the first data is being transmitted from the first destination to the second destination. The system identifies a computer system involved in transmitting at least a portion of the first data to the second network destination. To enhance security, the system obtains one or more access control policies that restrict the second network destination from accessing the first data. The system then routes the data transmission to avoid the identified computer system, taking into account the access control policies that restrict the second destination from accessing the first data. This ensures that the data transmission adheres to security policies, preventing unauthorized access or exposure of sensitive information during transit. The routing decision is based on both the identified computer system and the applicable access control policies, ensuring compliance with security requirements.

Claim 9

Original Legal Text

9. The system of claim 7, wherein the instructions include instructions that, if executed, further cause the computer system to receive the first data from a computing entity, wherein: the first network destination and the second network destination are located in a trust zone; the computing entity is located outside of the trust zone; and the computer system is an edge router that regulates data traffic entering or leaving the trust zone.

Plain English Translation

This invention relates to network security systems designed to regulate data traffic between trusted and untrusted network zones. The problem addressed is securing data transfers between a computing entity outside a trust zone and network destinations within the trust zone, ensuring controlled and monitored access. The system includes an edge router that acts as a gateway, enforcing security policies for data entering or leaving the trust zone. The router receives first data from a computing entity located outside the trust zone, where the data is intended for one or more network destinations within the trust zone. The router processes this data according to predefined rules, such as filtering, encryption, or authentication, before allowing it to proceed to the trusted destinations. The system ensures that only authorized and properly validated data traverses the trust zone boundary, mitigating security risks from external sources. The edge router may also handle bidirectional traffic, regulating both incoming and outgoing data flows. It can apply different security measures based on the data's origin, destination, or content, providing granular control over network access. The system is particularly useful in environments where strict security boundaries are required, such as enterprise networks, government systems, or critical infrastructure. By centralizing traffic regulation at the edge, the system simplifies security management while maintaining robust protection against unauthorized access.

Claim 10

Original Legal Text

10. The system of claim 7, wherein the first data was transmitted along a network path and the instructions to determine the second information that indicates whether at least the portion of the first data was transmitted to the second network destination includes instructions that, if executed, cause the one or more processors to: obtain a plurality of individual latencies for responses to the data sent along the network path; determine a score based at least in part on comparing the plurality of individual latencies with a threshold latency; and determine, further based at least in part on the score, whether at least the portion of the first data was transmitted to the second network destination.

Plain English Translation

This claim details how the second information of claim 7 is determined when the first data was transmitted along a particular network path. The processors collect a plurality of individual latencies for responses to data sent along that path, compare each latency with a threshold latency, and derive a score from those comparisons. The score, rather than any single measurement, then decides whether at least a portion of the first data was transmitted to the second network destination. The threshold represents the latency expected for a response from the first network destination, and the score summarizes how far the observed latencies depart from it, so a single delayed or unusually fast response has limited effect on the decision. The claim does not fix how the threshold is chosen; it may be a static value or derived from earlier measurements, and claim 18 covers the case where the latency information is a statistical measure over many responses.

Claim 11

Original Legal Text

11. The system of claim 7, wherein the difference in latency is calculated based at least in part on a first individual latency of a first response to at least the portion of the first data and at least in part on a second individual latency of a second response to at least a portion of the second data.

Plain English Translation

This claim specifies how the latency difference of claim 7 is calculated. A first individual latency is measured for a response to at least a portion of the first data, and a second individual latency is measured for a response to at least a portion of the second data; the difference between these two individual latencies is the first information. Because both data were sent to the same first network destination, a difference larger than the normal variation of the path is the evidence that at least a portion of the first data was also transmitted to the second network destination, and it is on that basis that the routing decision of claim 7 avoids the computer system that carried the first data.

Claim 12

Original Legal Text

12. The system of claim 11, wherein the first individual latency and the second individual latency are used to calculate a fraud score based at least in part on a time decay factor that weighs more recent responses more heavily.

Plain English Translation

This claim builds on claim 11. The first and second individual latencies are inputs to a fraud score, and that score is computed with a time decay factor that gives more recent responses greater weight than older ones. The decay factor keeps the score responsive to the current behaviour of the path: an old response that happened to be slow or fast contributes little, while a recent change in response latency moves the score quickly. In the context of claim 7, the fraud score is the second information on which the routing decision is based, and the decision is whether to avoid the computer system that carried the first data because at least a portion of that data was transmitted to the second network destination.

Claim 13

Original Legal Text

13. A non-transitory computer-readable storage medium comprising executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: obtain a first information that indicates a difference in latency between a response to a first data and a response to a second data, wherein the first and second data are transmitted to a first network destination; determine, based at least in part on the first information, a second information that indicates whether at least a portion of the first data was transmitted to a second network destination; and route, based at least in part on the second information, a data transmission away from a second computer system used to transmit at least the portion of the first data to the second network destination.

Plain English Translation

This invention relates to network routing optimization by detecting and mitigating latency discrepancies caused by unintended data transmission paths. The system monitors latency differences between responses to data sent to a primary network destination, identifying when portions of data are inadvertently routed to an alternate destination. By analyzing latency variations, the system determines whether misrouting occurred and dynamically adjusts routing decisions to avoid using the problematic path for future transmissions. The solution improves network efficiency and reliability by preventing data from being sent through suboptimal or incorrect routes, ensuring data integrity and reducing latency. The system operates by comparing response times to detect anomalies, determining the likelihood of misrouting, and rerouting traffic away from compromised systems to maintain optimal performance. This approach is particularly useful in distributed networks where data integrity and low-latency communication are critical.

Claim 14

Original Legal Text

14. The non-transitory computer-readable storage medium of claim 13, wherein the computer system comprises a filtering device part of a firewall configured to establish a trust zone that includes the first network destination and the second network destination.

Plain English Translation

This invention relates to network security, specifically to a system for managing trusted network communications. The problem addressed is the need to securely establish and manage trust relationships between network destinations to prevent unauthorized access while allowing legitimate traffic. The solution involves a computer system with a filtering device, such as a firewall, that creates a trust zone encompassing multiple network destinations. This trust zone allows secure communication between the included destinations while enforcing access controls for external entities. The filtering device monitors and regulates traffic within the trust zone, ensuring that only authorized communications occur between the designated destinations. The system may also include additional components, such as a network interface and a processor, to facilitate the establishment and maintenance of the trust zone. The invention improves network security by dynamically adjusting trust boundaries based on predefined policies, reducing the risk of unauthorized access while maintaining efficient communication between trusted endpoints. This approach is particularly useful in environments where multiple systems or devices need to communicate securely without exposing them to broader network vulnerabilities.

Claim 15

Original Legal Text

15. The non-transitory computer-readable storage medium of claim 14, wherein the filtering device operates in accordance with a border gateway protocol (BGP).

Plain English Translation

A system and method for network traffic filtering involves a filtering device that processes network traffic based on predefined rules. The filtering device is configured to receive network traffic from a source device and determine whether the traffic should be allowed or blocked based on the rules. The rules may include criteria such as source or destination addresses, protocols, or other packet attributes. The filtering device may also log or analyze the traffic for monitoring or security purposes. In some implementations, the filtering device operates in accordance with the Border Gateway Protocol (BGP), which is used for routing traffic between autonomous systems on the internet. The BGP-based filtering device can filter traffic based on routing information exchanged between networks, ensuring that traffic adheres to predefined policies or security requirements. The system may also include a management interface for configuring the filtering rules and monitoring the device's performance. The filtering device may be deployed as a standalone appliance or integrated into existing network infrastructure. The overall goal is to enhance network security and control by selectively allowing or blocking traffic based on dynamic routing protocols like BGP.

Claim 16

Original Legal Text

16. The non-transitory computer-readable storage medium of claim 13, wherein the instructions to determine the routing for the data transmission away include instructions that, as a result of execution, further cause the computer system to route the data transmission away from a computer entity as a result of the determination indicating that the first data was transmitted to the second network destination.

Plain English Translation

This invention relates to network data transmission routing, specifically to systems that dynamically adjust routing paths based on data transmission patterns. The problem addressed is ensuring secure and efficient data transmission by avoiding certain network entities when specific conditions are met. The system monitors data flows within a network, identifying when data is transmitted to a particular network destination. If the system detects that first data was sent to a second network destination, it automatically reroutes subsequent data transmissions away from a designated computer entity. This prevents unauthorized access, mitigates security risks, or optimizes network performance by dynamically adjusting routing paths. The solution involves a computer system executing instructions stored on a non-transitory medium, where the instructions analyze transmission data and trigger routing changes based on predefined conditions. The routing logic ensures that data is diverted from the specified entity when the transmission condition is satisfied, enhancing network security and operational efficiency. The system may integrate with existing network infrastructure, using real-time monitoring and automated decision-making to adapt routing dynamically. This approach is particularly useful in environments where certain network entities should not receive specific data types or where transmission patterns indicate potential security threats.

Claim 17

Original Legal Text

17. The non-transitory computer-readable storage medium of claim 13, wherein the first data was transmitted along a network path and the instructions to determine, based at least in part on the first information, the second information includes instructions that, as a result of execution, cause the computer system to: obtain a plurality of individual latencies for responses to the data sent along the network path over a time period; and determine a score based at least in part on weighing a first individual latency of the plurality more heavily than a second individual latency of the plurality based on a time decay factor.

Plain English Translation

This invention relates to network performance monitoring, specifically to a method for evaluating network path quality by analyzing latency data over time. The system measures response times for data transmitted along a network path and calculates a performance score that accounts for temporal relevance, giving more weight to recent latency measurements than older ones. By applying a time decay factor, the system ensures that the score reflects current network conditions rather than historical data, improving accuracy in assessing real-time performance. The approach helps identify network degradation or improvements, enabling proactive management of network resources. The solution addresses the challenge of accurately assessing network reliability in dynamic environments where latency can fluctuate due to varying traffic, congestion, or hardware changes. The weighted scoring mechanism provides a more precise evaluation compared to simple averages, which may be skewed by outdated measurements. This method is particularly useful for applications requiring consistent performance, such as real-time communication, cloud services, or financial transactions. The system processes latency data over a defined period, applies the decay factor to prioritize recent measurements, and generates a score that quantifies network stability and responsiveness.

Claim 18

Original Legal Text

18. The non-transitory computer-readable storage medium of claim 13, wherein the first information indicates a statistical measure of a plurality of responses to the first data.

Plain English Translation

This claim specifies the form of the first information of claim 13: rather than a single latency, it indicates a statistical measure of a plurality of responses to the first data, such as a value aggregated over the individual response latencies. Using a statistical measure of many responses, rather than one measurement, reduces the influence of transient network variation on the determination of whether at least a portion of the first data was transmitted to the second network destination, and it gives the threshold comparison of claims 10 and 17 a stable reference for what a response from the first network destination normally looks like.
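As an added worked example that is not code from the patent, the following Python puts the scoring of claims 4, 10, 11, 17 and 18 together: a threshold latency is derived as a statistical measure over responses on a path believed to reach only the first destination, a second path is scored as the time-decay-weighted fraction of its responses above that threshold, and routing avoids any path whose score exceeds a limit. The function names, sample latencies, the half-life and the score limit are constructed for this illustration.

```python
"""Latency-based covert-routing score (illustration, not the patent's code)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class LatencySample:
    """One measured response, the 'individual latency' of claim 11."""
    t: float        # observation time in seconds since the window started
    rtt_ms: float   # response latency in milliseconds


def latency_difference_ms(first: LatencySample, second: LatencySample) -> float:
    """Claim 11: difference between two individual latencies (second minus first)."""
    return second.rtt_ms - first.rtt_ms


def baseline_threshold(clean: list[LatencySample], k: float = 3.0) -> float:
    """Claim 18: a statistical measure over many responses. Here the threshold is
    mean + k * stddev of latencies on a path believed to reach only the first
    destination; k = 3.0 is a constructed choice."""
    rtts = [s.rtt_ms for s in clean]
    return mean(rtts) + k * pstdev(rtts)


def decay_weight(age_s: float, half_life_s: float) -> float:
    """Claim 17's time decay factor: a response half_life_s old counts half as much."""
    return 0.5 ** (age_s / half_life_s)


def covert_routing_score(samples, threshold_ms, now, half_life_s=20.0):
    """Claims 4, 10, 17: weighted fraction of responses whose latency exceeds
    the threshold, with recent responses weighted more heavily."""
    weighted_over = weighted_total = 0.0
    for s in samples:
        w = decay_weight(now - s.t, half_life_s)
        weighted_total += w
        if s.rtt_ms > threshold_ms:
            weighted_over += w
    return weighted_over / weighted_total if weighted_total else 0.0


def select_routes(path_scores: dict[str, float], limit: float) -> list[str]:
    """Claims 1 and 6: keep only paths whose score does not indicate that part
    of the data was forwarded to a second destination, lowest score first."""
    ok = [p for p, sc in path_scores.items() if sc <= limit]
    return sorted(ok, key=lambda p: path_scores[p])


# Constructed samples. CLEAN_PATH reaches the destination directly; SUSPECT_PATH
# shows intermittent extra delay of the kind an additional hop would add.
CLEAN_PATH = [LatencySample(t, r) for t, r in
              zip((0.0, 10.0, 20.0, 30.0, 40.0), (20.1, 19.8, 20.4, 20.0, 19.7))]
SUSPECT_PATH = [LatencySample(t, r) for t, r in
                zip((0.0, 10.0, 20.0, 30.0, 40.0), (20.2, 31.5, 20.3, 33.0, 32.4))]
NOW = 40.0          # end of the observation window, seconds
SCORE_LIMIT = 0.5   # constructed decision limit for routing away from a path


def evaluate_paths(now=NOW, limit=SCORE_LIMIT):
    """Run the whole decision: threshold, per-path scores, routes to keep."""
    thr = baseline_threshold(CLEAN_PATH)
    scores = {
        "path-a": covert_routing_score(CLEAN_PATH, thr, now),
        "path-b": covert_routing_score(SUSPECT_PATH, thr, now),
    }
    return thr, scores, select_routes(scores, limit)


if __name__ == "__main__":
    thr, scores, routes = evaluate_paths()
    print(f"threshold {thr:.2f} ms")
    for p, sc in scores.items():
        print(f"{p}: score {sc:.3f}")
    # The plain fraction of path-b responses over the threshold is 3/5; the
    # decay weights push the score higher because the latest responses are slow.
    print("routes kept:", routes)
```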

Claim 19

Original Legal Text

19. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further cause the computer system to perturb a routing path to obtain the information that indicates the latency.

Plain English Translation

This invention relates to network routing optimization, specifically a method for measuring and improving network latency by perturbing routing paths. The system involves a computer-readable storage medium containing instructions that, when executed, enable a computer system to analyze network performance. The core functionality includes perturbing a routing path—meaning intentionally altering or testing different network routes—to measure latency, which is the delay in data transmission. By perturbing the path, the system can gather latency data to identify optimal or suboptimal routes, allowing for dynamic adjustments to improve network efficiency. The system may also involve monitoring network conditions, such as congestion or link failures, to determine when path perturbations are necessary. The goal is to enhance real-time network performance by dynamically adapting routing decisions based on latency measurements obtained through controlled path perturbations. This approach is particularly useful in large-scale networks where static routing may lead to inefficiencies or bottlenecks. The invention focuses on automated, data-driven routing optimization to reduce latency and improve overall network reliability.

Claim 20

Original Legal Text

20. The non-transitory computer-readable storage medium of claim 19, wherein the instructions that cause the computer system to perturb the routing path, as a result of execution, cause the computer system to instruct a network device, separate from the computer system, to perturb the routing path.

Plain English Translation

This invention relates to network routing systems designed to improve traffic management and security by dynamically altering routing paths. The problem addressed is the vulnerability of static routing paths to congestion, failures, or malicious attacks, which can degrade network performance or compromise security. The solution involves a computer system that perturbs or modifies routing paths in a network to enhance resilience and efficiency. The system executes instructions stored on a non-transitory computer-readable medium to analyze network conditions and determine optimal perturbations. These perturbations may include rerouting traffic through alternative paths, adjusting bandwidth allocation, or introducing controlled delays to mitigate congestion or evade detection by adversaries. The system can also instruct separate network devices, such as routers or switches, to implement these perturbations, ensuring distributed and coordinated adjustments across the network. By dynamically altering routing paths, the system improves fault tolerance, reduces latency, and enhances security by making traffic patterns less predictable. This approach is particularly useful in large-scale networks where static routing can lead to inefficiencies or vulnerabilities.

Patent Metadata

Filing Date

Unknown

Publication Date

February 25, 2020

Inventors

Nicholas Alexander Allen

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “LATENCY-BASED DETECTION OF COVERT ROUTING” (10574682). https://patentable.app/patents/10574682

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/10574682. See llms.txt for full attribution policy.